Chapter 8. Backend Security Considerations

The security of your app is going to be one of the top concerns for the dev team, the Product team, and the whole organization. You never want an unintended entity to gain access they aren’t supposed to have. That’s why you’ll need to look at the app from all angles, such as authentication, authorization, validation, common attacks, and external dependencies.

Security is a topic with so much depth and breadth that entire books are dedicated to it. I’m going to keep this chapter focused on what you can do on the backend specifically, but there are far more areas covered by security. You may be lucky enough to work with a Security team. They go through every part of the company’s technical infrastructure, all the way down to what you can install on your laptop.

In this chapter, you will learn about:

• Authentication methods and when to use them

• Authorization for users to give them different levels of access to the functionality and data in the ...